authorTheo de Raadt <deraadt@cvs.openbsd.org>1996-09-05 08:55:44 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1996-09-05 08:55:44 +0000
commit74ce25b78fd53d753084ef14b2234bc105a4a983 (patch)
tree2cffc06e2eb76342240043e73120bb5451145124 /usr.bin/nc/data/pmap-dump.d
parente70074aa65073a222e5a14ec65e7c499c313ba3d (diff)
nc is *hobbit*'s netcat; let the sysadm have the same tools the crackers
have, so that he may learn what the network is about and protect it better.
Diffstat (limited to 'usr.bin/nc/data/pmap-dump.d')
-rw-r--r--usr.bin/nc/data/pmap-dump.d60
1 files changed, 60 insertions, 0 deletions
diff --git a/usr.bin/nc/data/pmap-dump.d b/usr.bin/nc/data/pmap-dump.d
new file mode 100644
index 00000000000..bc6b63277df
--- /dev/null
+++ b/usr.bin/nc/data/pmap-dump.d
@@ -0,0 +1,60 @@
+# portmap dump request: like "rpcinfo -p" but via UDP instead
+# send to UDP 111 and hope it's not a logging portmapper!
+# split into longwords, since rpc apparently only deals with them
+
+001 # 0x01 # . # XID: 4 trash bytes
+002 # 0x02 # .
+003 # 0x03 # .
+004 # 0x04 # .
+
+000 # 0x00 # . # MSG: int 0=call, 1=reply
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+000 # 0x00 # . # pmap call body: rpc version=2
+000 # 0x00 # .
+000 # 0x00 # .
+002 # 0x02 # .
+
+000 # 0x00 # . # pmap call body: prog=PMAP, 100000
+001 # 0x01 # .
+134 # 0x86 # .
+160 # 0xa0 # .
+
+000 # 0x00 # . # pmap call body: progversion=2
+000 # 0x00 # .
+000 # 0x00 # .
+002 # 0x02 # .
+
+000 # 0x00 # . # pmap call body: proc=DUMP, 4
+000 # 0x00 # .
+000 # 0x00 # .
+004 # 0x04 # .
+
+# with AUTH_NONE, there are 4 zero integers [16 bytes] here
+
+000 # 0x00 # . # auth junk: cb_cred: auth_unix = 1; NONE = 0
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+000 # 0x00 # . # auth junk
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+000 # 0x00 # . # auth junk
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+000 # 0x00 # . # auth junk
+000 # 0x00 # .
+000 # 0x00 # .
+000 # 0x00 # .
+
+# The reply you get back contains your XID, int 1 if "accepted", and
+# a whole mess of gobbledygook containing program numbers, versions,
+# and ports that rpcinfo knows how to decode. For the moment, you get
+# to wade through it yourself...
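Review bot: The four words after the AUTH_NONE comment are labelled only `auth junk`, so a reader cannot tell which RPC field each zero stands for or which one to change when switching to another flavor. In an ONC RPC call these are, in order, credential flavor, credential length, verifier flavor and verifier length; I would label them that way, e.g. `# cb_cred flavor: AUTH_NONE = 0 (AUTH_UNIX = 1)` on the first and `# cb_verf length: 0` on the last. The header could also state that the first column is decimal (`134` is `0x86`), since the format is defined outside this file and the values are easy to misread as octal. Finally, `XID: 4 trash bytes` could note that the constant 01 02 03 04 is simply echoed in the reply, which means repeated runs cannot be told apart by XID.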